new-site/infra/ansible/roles/sftpgo/tasks/main.yml
justin f8cd37ac8c Initial commit — Performance West telecom compliance platform
Includes: API (Express/TypeScript), Astro site, Python workers,
document generators, FCC compliance tools, Canada CRTC formation,
Ansible infrastructure, and deployment scripts.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-27 06:54:22 -05:00


---
# Performance West — SFTPGo role
# Deploys the SFTPGo SFTP/FTPS server configured to use MinIO as backend
# storage and Postgres as the user database. CDR-ingestion customers
# opt in via the portal; the puller's sftpgo_provisioner worker calls
# the admin REST API to provision/deprovision users.
# Creates the directory that receives the rendered SFTPGo config.
# Mode 0750 gives "other" no access; owner and group are not managed by
# this task.
- name: Ensure SFTPGo config directory
  ansible.builtin.file:
    state: directory
    path: "{{ project_dir }}/sftpgo"
    mode: "0750"
# Renders the role's sftpgo.json.j2 template into the config directory;
# a change notifies the "Restart SFTPGo" handler.
# NOTE(review): the template is not visible here. If it embeds the
# Postgres or object-store credentials, running with --diff would print
# them; consider no_log or diff: false on this task (confirm).
- name: Render sftpgo.json
  ansible.builtin.template:
    dest: "{{ project_dir }}/sftpgo/sftpgo.json"
    src: sftpgo.json.j2
    # Not readable by "other"; owner and group are left unmanaged.
    mode: "0640"
  notify: Restart SFTPGo
# Creates the SFTPGo database if it is missing. Despite the task name,
# only the database is handled here; the role is created by the
# following task.
# NOTE(review): connects as the "postgres" superuser with no
# login_password, so authentication must come from elsewhere
# (environment, pg_hba rules) - confirm that this is intended for a
# remote login_host.
- name: Ensure sftpgo database + user (Postgres)
  community.postgresql.postgresql_db:
    state: present
    name: "{{ sftpgo_pg_database }}"
    login_user: postgres
    login_host: "{{ sftpgo_pg_host }}"
    port: "{{ sftpgo_pg_port }}"
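# Creates (or updates) the Postgres role SFTPGo logs in with and grants
# it privileges on the SFTPGo database.
- name: Ensure sftpgo Postgres user
  community.postgresql.postgresql_user:
    db: "{{ sftpgo_pg_database }}"
    name: "{{ sftpgo_pg_username }}"
    password: "{{ sftpgo_pg_password }}"
    # NOTE(review): "ALL" grants every database-level privilege. The
    # priv option is deprecated in newer community.postgresql releases
    # in favour of the postgresql_privs module - confirm against the
    # collection version pinned for this project.
    priv: "ALL"
    login_host: "{{ sftpgo_pg_host }}"
    # Same port as the database task, so both tasks reach the same
    # server when sftpgo_pg_port is not the default.
    port: "{{ sftpgo_pg_port }}"
    login_user: postgres
    state: present
  # The module arguments include the role's password; keep them out of
  # task output, verbose logs and callback plugins.
  no_log: true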
# Brings up only the "sftpgo" service from the compose project located
# in project_dir; other services in that project are not named here.
- name: Start SFTPGo container via docker-compose
  community.docker.docker_compose_v2:
    state: present
    project_src: "{{ project_dir }}"
    services:
      - sftpgo
# Polls the health endpoint on the loopback interface until it answers
# 200: up to 12 attempts, 5 seconds apart, each with a 5 second request
# timeout. The task fails if the last attempt still does not succeed.
- name: Wait for SFTPGo admin API to be ready
  ansible.builtin.uri:
    url: "http://127.0.0.1:{{ sftpgo_admin_port }}/healthz"
    timeout: 5
    status_code: 200
  register: sftpgo_health
  until: sftpgo_health.status == 200
  delay: 5
  retries: 12
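# Creates the admin account used for provisioning by POSTing to the
# local admin API. 201 means the account was created; 409 is accepted so
# that a re-run against an existing account does not fail. On 409 the
# existing account, including its password, is left as it is.
# NOTE(review): this request carries no credentials. SFTPGo's admin REST
# endpoints normally expect an authenticated admin (token or API key),
# so confirm how this call is authorized in this deployment.
- name: Create initial SFTPGo admin user (idempotent — errors on exists)
  ansible.builtin.uri:
    url: "http://127.0.0.1:{{ sftpgo_admin_port }}/api/v2/admins"
    method: POST
    body_format: json
    body:
      username: "{{ sftpgo_admin_user }}"
      password: "{{ sftpgo_admin_password }}"
      status: 1
      # "*" grants every admin permission. If this account only
      # provisions and deprovisions users, a narrower permission list
      # may be enough - confirm against the provisioner's needs.
      permissions:
        - "*"
      description: "Performance West provisioning admin"
    status_code:
      - 201
      - 409  # 409 = already exists
  register: sftpgo_admin_create
  # Report "changed" only when the account was actually created.
  changed_when: sftpgo_admin_create.status == 201
  # The request body holds the admin password; keep the arguments and
  # the result out of task output and logs. Lift this temporarily when
  # debugging a failure.
  no_log: true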